package com.sailorj.medical.web.filter;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
public class PermissionInterceptor {
	// 在执行handler之前执行的
	// 用于用户认证校验、用户权限校验
	private static final Logger LOG = LogManager.getLogger(PermissionInterceptor.class);
	String url ;
	public boolean urlHandle(HttpServletRequest request, HttpServletResponse response, String goURL) throws Exception {
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		HttpSession session = req.getSession();

		// 从Session中取出权限范围的URL
		List<String> urlDataLists = (List<String>) session.getAttribute("urlDataList");
    for (String urlDataList : urlDataLists) {
		  	url = urlDataList;
//			  LOG.info("urlDataList==" + urlDataLists);
//			  LOG.info("从Session中取出该用户权限范围的URL==" + url);
//			  LOG.info("url.indexOf(goURL)的URL==" + url.indexOf(goURL));
			  if (url.indexOf(goURL) >= 0) {
					LOG.info("成功授权goURL==" + goURL);
					LOG.info("成功授权url==" + url);
					return true;
				}
		}
		LOG.info("无权限访问url==" + goURL);
		// 如果返回false表示拦截器不继续执行handler，如果返回true表示放行
		return false;
	}

	/**
	 * 判断用户是否登录
	 */
	public boolean loginHandle(HttpServletRequest request, HttpServletResponse response) throws Exception {
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		HttpSession session = req.getSession();
		if (session.getAttribute("userid") != null) {
			return true;
		}

		return false;
	}
}
